Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-10 | CVE-2014-8020 | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. | 5.0 |
| 2015-01-09 | CVE-2014-8033 | Improper Authentication vulnerability in Cisco Webex Meetings Server The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. | 5.0 |
| 2015-01-09 | CVE-2014-8032 | Information Exposure vulnerability in Cisco Webex Meetings Server The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. | 4.0 |
| 2015-01-09 | CVE-2014-8031 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. | 6.8 |
| 2015-01-09 | CVE-2014-8030 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. | 4.3 |
| 2015-01-09 | CVE-2014-8029 | Open Redirection vulnerability in Cisco Secure Access Control Server Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150. network cisco | 5.8 |
| 2015-01-09 | CVE-2014-8028 | Cross-site Scripting vulnerability in Cisco Secure Access Control System Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. | 4.3 |
| 2015-01-09 | CVE-2014-8027 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. | 6.5 |
| 2014-12-24 | CVE-2014-7994 | Improper Input Validation vulnerability in Cisco products Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991. | 5.4 |
| 2014-12-23 | CVE-2014-8026 | Cross-Site Scripting vulnerability in Cisco Jabber Guest Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074. | 4.3 |